Module 7 : Factorization

Lecture 3 : Dixon's factorization method

 

Dixon's factorization method

In number theory, Dixon's factorization method (also Dixon's algorithm) is a general-purpose integer factorization algorithm; it is the prototypical factor base method, and the only factor base method for which a run-time bound not reliant on conjectures about the smoothness properties of values of a polynomial is known. The algorithm was designed by John D. Dixon, a mathematician at Carleton University, and was published in 1981.

Basic idea

Dixon's method is based on finding a congruence of squares modulo the integer N which we intend to factor. Fermat's factorization algorithm finds such a congruence by selecting random or pseudo-random x values and hoping that the integer x^2 mod N is the square of an integer.


For example, if N = 84923, we notice (by starting at 292, the first number greater than the square root of N, and counting up) that 505^2 mod 84923 is 256, the square of 16. So (505-16)(505+16) = 0 mod N. Computing the GCD of 505-16 and N using Euclid's algorithm gives us 163, which is a factor of N.

In practice, selecting random x values will take an impractically long time to find a congruence of squares, since there are so few squares less than N.

Dixon's method replaces the condition 'is the square of an integer' with the much weaker one 'has only small prime factors'; for example, there are 292 squares less than 84923, 662 numbers whose prime factors are only 2, 3, 5 or 7, and 4767 whose prime factors are all less than 30.

If we have lots of numbers whose squares can be factorised as

for a fixed set of small primes, linear algebra modulo 2 on the matrix e_ij will give us a subset of the a_i whose squares combine to a product of small primes to an even power -- that is, a subset of the a_i whose squares combine to a square.

Method

Firstly, a set of primes less than some bound B is chosen. This set of primes is called the factor base. Then, using the polynomial

p(x) = x^2 (mod n)

many values of x are tested to see if p(x) factors completely over the factor base. If it does, the pair (x, p(x)) is stored. Such a pair is called a relation. Then, once the number of relations collected exceeds the size of the factor base, we can enter the next stage.
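The relation-collection stage described under "Method", together with the modulo-2 linear algebra from "Basic idea", can be traced in the following sketch. It is an added example, not code from the lecture. The function names, the default bound of 30, and the choice to scan x upward from the square root of N (as in the N = 84923 example) rather than pick x at random are assumptions made for illustration.

```python
from math import gcd, isqrt

def small_primes(bound):
    """Factor base: all primes below `bound`."""
    return [p for p in range(2, bound) if all(p % q for q in range(2, isqrt(p) + 1))]

def exponents(value, base):
    """Exponent vector of `value` over `base`, or None if it is not smooth."""
    if value == 0:
        return None
    exps = []
    for p in base:
        e = 0
        while value % p == 0:
            value, e = value // p, e + 1
        exps.append(e)
    return exps if value == 1 else None

def dixon(n, bound=30):
    """Return a nontrivial factor pair of n, or None if none is found."""
    base = small_primes(bound)
    rels = []    # relations: (x, exponent vector of x^2 mod n)
    pivots = {}  # GF(2) echelon rows: top bit -> (parity mask, bitset of relation indices)
    for x in range(isqrt(n) + 1, n):
        exps = exponents(x * x % n, base)
        if exps is None:
            continue
        rels.append((x, exps))
        mask = sum((e & 1) << j for j, e in enumerate(exps))
        used = 1 << (len(rels) - 1)
        while mask and (mask.bit_length() - 1) in pivots:
            pmask, pused = pivots[mask.bit_length() - 1]
            mask, used = mask ^ pmask, used ^ pused
        if mask:  # independent of earlier rows: store as a new pivot
            pivots[mask.bit_length() - 1] = (mask, used)
            continue
        # All exponents in the selected product are even: a^2 = b^2 (mod n).
        a, total = 1, [0] * len(base)
        for i, (xi, ei) in enumerate(rels):
            if used >> i & 1:
                a = a * xi % n
                total = [t + e for t, e in zip(total, ei)]
        b = 1
        for p, t in zip(base, total):
            b = b * pow(p, t // 2, n) % n
        f = gcd(a - b, n)
        if 1 < f < n:
            return f, n // f
    return None

if __name__ == "__main__":
    print(dixon(84923))  # N from the example above
```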